Security Basics mailing list archives

RE: Interesting One


From: "Carol Stone" <carol () carolstone com>
Date: Wed, 30 Oct 2002 22:35:08 -0500


-----Original Message-----
From: ATD [mailto:simon () snosoft com]
Sent: Wednesday, October 30, 2002 6:08 PM


I have heard similar claims from "agencies" about the ability to recover
data after multiple re-writes. I also happen to know that several of
these "agencies" when doing drive disposal, literally drill holes in
their drives then incinerate them. That is after they wipe the drive
clean several times. I'd assume that there is a reason for such
paranoia, wouldn't you?  Or do you think they are just playing it super
safe?

The Bruce Schneier reference I promised the list is on pages 253 - 254 and yes,
he's talking about magnetic force microscopy but no, he doesn't provide any
footnotes. He just has a couple pages of heavy-duty reading listed at the back
finished with an apology to all the other references he forgot to mention.

But to answer your question - if you're a government and you know how to recover
data that's been overwritten some number of times, surely you're also working on
improving on that number and expecting other governments and shady characters to
do the same? I imagine whatever was just barely possible last year is now merely
difficult. With enough time, money and intent, I've no doubt that 30 times is a
perfectly reasonable number.

But I can't imagine anyone operating with something much less than a
governmental budget being able to afford to become particularly good at
recovering data overwritten *that* many times.

Then again, maybe I'm just naive. I imagine if anyone *really* wanted any
information about me, they probably wouldn't have to do anything more expensive,
difficult or high-tech than paw through my trash.

-carol stone

